Thursday, May 26, 2011

NX-OS Redistribution: what's different?

Hi all,
following the Nexus training course I taught in the last weeks, I would like to talk a little bit about IPv4 redistribution in NX-OS.

As you may have noticed, redistribution between routing protocols in NX-OS follows a different logic compared to IOS. Let's try to clarify what is different using a simple two-protocol topology.

With traditional IOS routers in this topology, you would perform a basic mutual redistribution on R2, something like:

R2(config)#router rip
R2(config-router)#redistribute ospf 1 metric 2 
R2(config-router)#router ospf 1 
R2(config-router)#redistribute rip subnets 

In this way you are redistributing:
-the "protocol learned" routes
-the connected routes that are participating in the redistributed protocol

For example, when you perform redistribution of RIP into OSPF on R2, you will redistribute:
-the RIP learned routes:
R2#sh ip route rip is subnetted, 1 subnets
R [120/1] via, 00:00:05, FastEthernet0/0
-the connected interfaces that are running RIP:
R2#sh ip protocols 
Routing Protocol is "rip"

  Routing for Networks:


That's why on R3 you will find all the routes correctly learned through OSPF:
R3#sh ip route 
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set is subnetted, 1 subnets
O E2 [110/20] via, 00:01:09, FastEthernet0/0 is subnetted, 1 subnets
O E2 [110/20] via, 00:01:09, FastEthernet0/0 is subnetted, 1 subnets
C is directly connected, Loopback1 is subnetted, 2 subnets
C is directly connected, FastEthernet0/0
O E2 [110/20] via, 00:01:09, FastEthernet0/0

OK, no surprises so far, but what's different in NX-OS?
Let's modify the same topology, using an NX-OS L3 device instead of R2:

Obviously the routing protocol configuration is different, but the redistribution logic is different too.

1) redistribution in NX-OS ALWAYS needs a route-map:
In this case we can use a "permit any" prefix list, just to perform a quick and dirty job :-)
I believe the route map limitation was introduced to force network engineers to think about redistribution and possibly try to avoid l00ps.

The config may look something like this (I don't have a 7k to test it at the moment...):
ip prefix-list ALL-NETWORKS seq 5 permit le 32 

route-map ALL-NETWORKS permit 10
  match ip address prefix-list ALL-NETWORKS

router ospf 1 
  redistribute rip TEST route-map ALL-NETWORKS

2) redistribution logic is different: with the above configuration ONLY the RIP learned routes are redistributed, NOT the connected routes, even if they are participating in the RIP process.
In fact, you are redistributing only the routes that you can see with the "show ip route rip" command.
That's why it's normal behavior for R3 to receive only the prefix.
The and routes are NOT redistributed because they are NOT learned via RIP on N7k-2.

To also have the connected N7k-2 routes redistributed into OSPF, you have to perform another redistribution...

3) redistribute CONNECTED needs a different command! (can't understand why! the old one was so ugly?)
You also need a route-map to perform the connected redistribution. The config will look something like this:
ip prefix-list CONN seq 5 permit 
ip prefix-list CONN seq 10 permit 

route-map CONN>OSPF permit 10
  match ip address prefix-list CONN

router ospf 1 
  redistribute direct route-map CONN>OSPF
You can also avoid using a prefix list and simply use a match interface on the route-map...

Summary: when you configure redistribution in NX-OS, you will probably need a double redistribution: the first for the protocol learned routes and the second for the connected routes.
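
As an added example (not part of the original post), this Python check reads an NX-OS-style configuration and reports the two points above: redistribution through a permit-any route-map, and a routing process that redistributes a protocol but has no "redistribute direct". The sample config, its prefix, the interface name and the function names are constructed for illustration.

```python
import re

# Constructed sample config (not from the post); loopback0 is an assumed interface.
SAMPLE = """\
ip prefix-list ALL-NETWORKS seq 5 permit 0.0.0.0/0 le 32
route-map ALL-NETWORKS permit 10
  match ip address prefix-list ALL-NETWORKS
route-map CONN permit 10
  match interface loopback0
router ospf 1
  redistribute rip TEST route-map ALL-NETWORKS
router rip TEST
  address-family ipv4 unicast
    redistribute ospf 1 route-map ALL-NETWORKS
    redistribute direct route-map CONN
"""

def parse(text):
    """Return (permit-any prefix-lists, route-map -> prefix-lists, redistributions)."""
    permit_any, maps, redist, ctx = set(), {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not raw[:1].isspace():          # top-level line starts a new context
            ctx = None
            if m := re.match(r"ip prefix-list (\S+) seq \d+ permit 0\.0\.0\.0/0 le 32$", line):
                permit_any.add(m[1])
            elif m := re.match(r"route-map (\S+) permit \d+$", line):
                ctx = ("map", m[1])
            elif m := re.match(r"router (\S+ \S+)$", line):
                ctx = ("proc", m[1])
        elif ctx and ctx[0] == "map":
            if m := re.match(r"match ip address prefix-list (.+)$", line):
                maps.setdefault(ctx[1], set()).update(m[1].split())
        elif ctx and ctx[0] == "proc":     # also covers lines under address-family
            if m := re.match(r"redistribute (\S+)(?: \S+)? route-map (\S+)$", line):
                redist.append((ctx[1], m[1], m[2]))
    return permit_any, maps, redist

def audit(text):
    """List (process, source, issue) tuples worth a reviewer's attention."""
    permit_any, maps, redist = parse(text)
    findings, sources = [], {}
    for proc, source, rmap in redist:
        sources.setdefault(proc, set()).add(source)
        if maps.get(rmap, set()) & permit_any:
            findings.append((proc, source, "route-map permits every prefix"))
    findings += [(p, "direct", "connected routes not redistributed")
                 for p, s in sources.items() if "direct" not in s]
    return findings
```

Calling audit(SAMPLE) reports both permit-any redistributions and the missing connected redistribution under "router ospf 1"; the second kind of finding is only a prompt to confirm that leaving the connected routes out is intended.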


{ Advertisement mode on }

If you and your company are interested in learning more about NX-OS and Nexus devices, you may consider attending a NEXUS Advanced Training Course by Europa Networking, having good chances to have me as instructor. :-)

{ Advertisement mode off }

Tuesday, May 24, 2011

Still alive

Hi all,
some of my readers mailed me or chatted to know if I am still alive. Well, thanks a lot, I'm actually breathing, but I was busy on various projects in the last 3 months.

I started developing CCIE R&S products for IPExpert Inc, I hope you will see my name listed on the IPExpert web site and my insane labs in their workbooks soon.
That's why I stopped posting labs on the blog, I was using all my fantasy resources for the workbook. (by the way... if you want to buy it... :-) )

Also I managed to collaborate with Europa Networking to deliver an Advanced Nexus Training.

Here's a shot:

It was also a nice opportunity to play a lot with a couple of Nexus platforms, the course was a good balance between theory and practice.
(...and if your organization has just acquired some Nexus platforms or you are planning to use the Nexus 1000V on your VMware infrastructure, take a look at the Europa Networking web site, you have good chances to have me as instructor).

Plans for the future:
-Deliver more and more NX-OS training at various locations worldwide
-Hopefully continue the collaboration with IPExpert
-Do some consulting-spots (1 or 2 weeks) in UK or in other English/German/Spanish speaking country (any proposal?)